CWE-591 77 个 CVE MITRE 定义 ↗

CWE-591:Sensitive Data Storage in Improperly Locked Memory

概览

CWE-591(Sensitive Data Storage in Improperly Locked Memory)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2025-11711 2025-10-14 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderb…
CVE-2025-48819 2025-07-08 Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-30394 2025-05-13 Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVE-2025-27732 2025-04-08 Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-27484 2025-04-08 Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
CVE-2025-27482 2025-04-08 Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27475 2025-04-08 Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-27471 2025-04-08 Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26686 2025-04-08 Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
CVE-2025-26671 2025-04-08 Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-26665 2025-04-08 Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
CVE-2025-26648 2025-04-08 Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-24045 2025-03-11 Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-24035 2025-03-11 Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-21309 2025-01-14 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-21294 2025-01-14 Microsoft Digest Authentication Remote Code Execution Vulnerability
CVE-2025-21224 2025-01-14 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2024-49132 2024-12-11 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49128 2024-12-11 Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2024-49126 2024-12-11 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

曾用名

  • Memory Locking (2008-04-11)

内容提交

名称
CWE Community
日期
2006-12-15
版本
Draft 5
评论
Submitted by members of the CWE community to extend early CWE versions

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Description, Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Relationships, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Observed_Examples
cvelogic Threat Intelligence